| To: | "David S. Miller" <davem@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] sha2-256 truncation |
| From: | Michal Ludvig <michal@xxxxxxxx> |
| Date: | Fri, 09 Jan 2004 11:12:40 +0100 |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <3FFE6B72.9030808@logix.cz> |
| References: | <3FFE6B72.9030808@logix.cz> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.5) Gecko/20030925 |
Michal Ludvig told me that: the attached trivial patch corrects the truncation size of computed hashes that are used in IPsec ESP/AH packets for SHA2-256. All other hash algorithms use 96 bits as well as does SuperFreeS/WAN and FreeBSD also for SHA2-256. Only the native Linux sha2-256 used 128 bits what led to incompatibility with other IPsec implementations. Oops, sorry. I sent a reversed patch originally. Please use this one instead. Michal Ludvig -- * A mouse is a device used to point at the xterm you want to type in. * Personal homepage - http://www.logix.cz/michal --- linux-2.6.0/net/xfrm/xfrm_algo.c 2004-01-08 01:29:52.067261651 +0100
+++ linux-2.6.0.orig/net/xfrm/xfrm_algo.c 2004-01-08 01:28:38.668690081
+0100
@@ -85,7 +85,7 @@ static struct xfrm_algo_desc aalg_list[]
.uinfo = {
.auth = {
- .icv_truncbits = 128,
+ .icv_truncbits = 96,
.icv_fullbits = 256,
}
},
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] Mark SIOCSIFNAME as compatible ioctl, David S. Miller |
|---|---|
| Next by Date: | Re: Problems with ipv4 multicast implementation in 2.4? (fwd), Holger Kiehl |
| Previous by Thread: | [PATCH] sha2-256 truncation, Michal Ludvig |
| Next by Thread: | Re: [PATCH] sha2-256 truncation, David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |